elastic · brijesh-elastic · Apr 17, 2026 · Apr 20, 2026 · Apr 20, 2026 · Apr 20, 2026
@@ -1,4 +1,9 @@
 # newer versions go on top
+- version: "1.44.0"
+  changes:
+    - description: Update README documentation as per new guideline.
+      type: enhancement
+      link: https://github.com/elastic/integrations/pull/18498
 - version: "1.43.5"
   changes:
     - description: Update R2 setup documentation to require the `region` field instead of stating it is not needed.

@@ -3,7 +3,7 @@ type: logs
 streams:
   - input: http_endpoint
     template_path: http_endpoint.yml.hbs
-    title: Access Request logs
+    title: Access Request
     description: Collect Access Request logs from Cloudflare via HTTP endpoint.
     vars:
       - name: listen_port
@@ -80,7 +80,7 @@ streams:
         description: >
           The request tracer logs HTTP requests and responses to the agent's local file-system for debugging configurations. Enabling this request tracing compromises security and should only be used for debugging. See [documentation](https://www.elastic.co/guide/en/beats/filebeat/current/filebeat-input-http_endpoint.html#_tracer_enabled_3) for details.
   - input: aws-s3
-    title: Access Request logs
+    title: Access Request
     description: Collect Access Request logs from Cloudflare via S3 or SQS.
     template_path: aws-s3.yml.hbs
     vars:
@@ -90,7 +90,7 @@ streams:
         multi: false
         required: false
         show_user: true
-        description: "URL of the AWS SQS queue that messages will be received from.\nThis is only required if you want to collect logs via AWS SQS.\nThis is a Access Request data stream specific queue URL. In order to avoid data loss, do not configure the same SQS queue for more than one data stream."
+        description: "URL of the AWS SQS queue that messages will be received from.\nThis is only required if you want to collect logs via AWS SQS.\nThis is an Access Request data stream specific queue URL. In order to avoid data loss, do not configure the same SQS queue for more than one data stream."
       - name: bucket_list_prefix
         type: text
         title: '[S3] Bucket Prefix'
@@ -210,7 +210,7 @@ streams:
         description: >-
           Processors are used to reduce the number of fields in the exported event or to enhance the event with metadata. This executes in the agent before the logs are parsed. See [Processors](https://www.elastic.co/guide/en/beats/filebeat/current/filtering-and-enhancing-data.html) for details.
   - input: gcs
-    title: Access Request logs
+    title: Access Request
     description: Collect Access Request logs from Cloudflare via GCS.
     template_path: gcs.yml.hbs
     vars:
@@ -290,7 +290,7 @@ streams:
           - forwarded
           - cloudflare_logpush-access_request
   - input: azure-blob-storage
-    title: Access Request logs
+    title: Access Request
     description: Collect Access Request logs from Cloudflare via Azure Blob Storage.
     enabled: false
     template_path: abs.yml.hbs
@@ -393,9 +393,9 @@ streams:
         default: false
       - name: preserve_duplicate_custom_fields
         required: true
-        show_user: false
+        show_user: true
         title: Preserve duplicate custom fields
-        description: Preserve github.audit fields that were copied to Elastic Common Schema (ECS) fields.
+        description: Preserve custom fields for all ECS mappings.
         type: bool
         multi: false
         default: false

@@ -3,7 +3,7 @@ type: logs
 streams:
   - input: http_endpoint
     template_path: http_endpoint.yml.hbs
-    title: Audit logs
+    title: Audit
     description: Collect Audit logs from Cloudflare via HTTP endpoint.
     vars:
       - name: listen_port
@@ -80,7 +80,7 @@ streams:
         description: >
           The request tracer logs HTTP requests and responses to the agent's local file-system for debugging configurations. Enabling this request tracing compromises security and should only be used for debugging. See [documentation](https://www.elastic.co/guide/en/beats/filebeat/current/filebeat-input-http_endpoint.html#_tracer_enabled_3) for details.
   - input: aws-s3
-    title: Audit logs
+    title: Audit
     description: Collect Audit logs from Cloudflare via S3 or SQS.
     template_path: aws-s3.yml.hbs
     vars:
@@ -90,7 +90,7 @@ streams:
         multi: false
         required: false
         show_user: true
-        description: "URL of the AWS SQS queue that messages will be received from. \nThis is only required if you want to collect logs via AWS SQS.\nThis is an audit data stream specific queue URL. In order to avoid data loss, do not configure the same SQS queue for more than one data stream."
+        description: "URL of the AWS SQS queue that messages will be received from.\nThis is only required if you want to collect logs via AWS SQS.\nThis is an Audit data stream specific queue URL. In order to avoid data loss, do not configure the same SQS queue for more than one data stream."
       - name: bucket_list_prefix
         type: text
         title: '[S3] Bucket Prefix'
@@ -210,7 +210,7 @@ streams:
         description: >-
           Processors are used to reduce the number of fields in the exported event or to enhance the event with metadata. This executes in the agent before the logs are parsed. See [Processors](https://www.elastic.co/guide/en/beats/filebeat/current/filtering-and-enhancing-data.html) for details.
   - input: gcs
-    title: Audit logs
+    title: Audit
     description: Collect Audit logs from Cloudflare via GCS.
     template_path: gcs.yml.hbs
     vars:
@@ -290,7 +290,7 @@ streams:
           - forwarded
           - cloudflare_logpush-audit
   - input: azure-blob-storage
-    title: Audit logs
+    title: Audit
     description: Collect Audit logs from Cloudflare via Azure Blob Storage.
     enabled: false
     template_path: abs.yml.hbs
@@ -393,9 +393,9 @@ streams:
         default: false
       - name: preserve_duplicate_custom_fields
         required: true
-        show_user: false
+        show_user: true
         title: Preserve duplicate custom fields
-        description: Preserve github.audit fields that were copied to Elastic Common Schema (ECS) fields.
+        description: Preserve custom fields for all ECS mappings.
         type: bool
         multi: false
         default: false

@@ -3,7 +3,7 @@ type: logs
 streams:
   - input: http_endpoint
     template_path: http_endpoint.yml.hbs
-    title: CASB Findings logs
+    title: CASB Findings
     description: Collect CASB Findings logs from Cloudflare via HTTP endpoint.
     vars:
       - name: listen_port
@@ -80,7 +80,7 @@ streams:
         description: >
           The request tracer logs HTTP requests and responses to the agent's local file-system for debugging configurations. Enabling this request tracing compromises security and should only be used for debugging. See [documentation](https://www.elastic.co/guide/en/beats/filebeat/current/filebeat-input-http_endpoint.html#_tracer_enabled_3) for details.
   - input: aws-s3
-    title: CASB Findings logs
+    title: CASB Findings
     description: Collect CASB Findings logs from Cloudflare via S3 or SQS.
     template_path: aws-s3.yml.hbs
     vars:
@@ -210,7 +210,7 @@ streams:
         description: >-
           Processors are used to reduce the number of fields in the exported event or to enhance the event with metadata. This executes in the agent before the logs are parsed. See [Processors](https://www.elastic.co/guide/en/beats/filebeat/current/filtering-and-enhancing-data.html) for details.
   - input: gcs
-    title: CASB Findings logs
+    title: CASB Findings
     description: Collect CASB Findings logs from Cloudflare via GCS.
     template_path: gcs.yml.hbs
     vars:
@@ -290,7 +290,7 @@ streams:
           - forwarded
           - cloudflare_logpush-casb
   - input: azure-blob-storage
-    title: CASB Findings logs
+    title: CASB Findings
     description: Collect CASB Findings logs from Cloudflare via Azure Blob Storage.
     enabled: false
     template_path: abs.yml.hbs
@@ -393,9 +393,9 @@ streams:
         default: false
       - name: preserve_duplicate_custom_fields
         required: true
-        show_user: false
+        show_user: true
         title: Preserve duplicate custom fields
-        description: Preserve github.audit fields that were copied to Elastic Common Schema (ECS) fields.
+        description: Preserve custom fields for all ECS mappings.
         type: bool
         multi: false
         default: false

@@ -3,7 +3,7 @@ type: logs
 streams:
   - input: http_endpoint
     template_path: http_endpoint.yml.hbs
-    title: Device Posture Results logs
+    title: Device Posture Results
     description: Collect Device Posture Results logs from Cloudflare via HTTP endpoint.
     vars:
       - name: listen_port
@@ -80,7 +80,7 @@ streams:
         description: >
           The request tracer logs HTTP requests and responses to the agent's local file-system for debugging configurations. Enabling this request tracing compromises security and should only be used for debugging. See [documentation](https://www.elastic.co/guide/en/beats/filebeat/current/filebeat-input-http_endpoint.html#_tracer_enabled_3) for details.
   - input: aws-s3
-    title: Device Posture Results logs
+    title: Device Posture Results
     description: Collect Device Posture Results logs from Cloudflare via S3 or SQS.
     template_path: aws-s3.yml.hbs
     vars:
@@ -196,7 +196,7 @@ streams:
         description: >-
           Processors are used to reduce the number of fields in the exported event or to enhance the event with metadata. This executes in the agent before the logs are parsed. See [Processors](https://www.elastic.co/guide/en/beats/filebeat/current/filtering-and-enhancing-data.html) for details.
   - input: gcs
-    title: Device Posture Results logs
+    title: Device Posture Results
     description: Collect Device Posture Results logs from Cloudflare via GCS.
     template_path: gcs.yml.hbs
     vars:
@@ -276,8 +276,8 @@ streams:
           - forwarded
           - cloudflare_logpush-device_posture
   - input: azure-blob-storage
-    title: Device Posture Results logs logs
-    description: Collect Device Posture Results logs logs from Cloudflare via Azure Blob Storage.
+    title: Device Posture Results
+    description: Collect Device Posture Results logs from Cloudflare via Azure Blob Storage.
     enabled: false
     template_path: abs.yml.hbs
     vars:
@@ -379,9 +379,9 @@ streams:
         default: false
       - name: preserve_duplicate_custom_fields
         required: true
-        show_user: false
+        show_user: true
         title: Preserve duplicate custom fields
-        description: Preserve github.audit fields that were copied to Elastic Common Schema (ECS) fields.
+        description: Preserve custom fields for all ECS mappings.
         type: bool
         multi: false
         default: false

@@ -3,7 +3,7 @@ type: logs
 streams:
   - input: http_endpoint
     template_path: http_endpoint.yml.hbs
-    title: DLP Forensic Copies logs
+    title: DLP Forensic Copies
     description: Collect DLP Forensic Copies logs from Cloudflare via HTTP endpoint.
     vars:
       - name: listen_port
@@ -80,7 +80,7 @@ streams:
         description: >
           The request tracer logs HTTP requests and responses to the agent's local file-system for debugging configurations. Enabling this request tracing compromises security and should only be used for debugging. See [documentation](https://www.elastic.co/guide/en/beats/filebeat/current/filebeat-input-http_endpoint.html#_tracer_enabled_3) for details.
   - input: aws-s3
-    title: DLP Forensic Copies logs
+    title: DLP Forensic Copies
     description: Collect DLP Forensic Copies logs from Cloudflare via S3 or SQS.
     template_path: aws-s3.yml.hbs
     vars:
@@ -90,7 +90,7 @@ streams:
         multi: false
         required: false
         show_user: true
-        description: "URL of the AWS SQS queue that messages will be received from. \nThis is only required if you want to collect logs via AWS SQS.\nThis is a DLP Forensic Copies data stream specific queue URL. In order to avoid data loss, do not configure the same SQS queue for more than one data stream."
+        description: "URL of the AWS SQS queue that messages will be received from.\nThis is only required if you want to collect logs via AWS SQS.\nThis is a DLP Forensic Copies data stream specific queue URL. In order to avoid data loss, do not configure the same SQS queue for more than one data stream."
       - name: bucket_list_prefix
         type: text
         title: '[S3] Bucket Prefix'
@@ -196,7 +196,7 @@ streams:
         description: >-
           Processors are used to reduce the number of fields in the exported event or to enhance the event with metadata. This executes in the agent before the logs are parsed. See [Processors](https://www.elastic.co/guide/en/beats/filebeat/current/filtering-and-enhancing-data.html) for details.
   - input: gcs
-    title: DLP Forensic Copies logs
+    title: DLP Forensic Copies
     description: Collect DLP Forensic Copies logs from Cloudflare via GCS.
     template_path: gcs.yml.hbs
     vars:
@@ -276,7 +276,7 @@ streams:
           - forwarded
           - cloudflare_logpush-dlp_forensic_copies
   - input: azure-blob-storage
-    title: DLP Forensic Copies logs
+    title: DLP Forensic Copies
     description: Collect DLP Forensic Copies logs from Cloudflare via Azure Blob Storage.
     enabled: false
     template_path: abs.yml.hbs
@@ -379,9 +379,9 @@ streams:
         default: false
       - name: preserve_duplicate_custom_fields
         required: true
-        show_user: false
+        show_user: true
         title: Preserve duplicate custom fields
-        description: Preserve github.audit fields that were copied to Elastic Common Schema (ECS) fields.
+        description: Preserve custom fields for all ECS mappings.
         type: bool
         multi: false
         default: false

@@ -3,7 +3,7 @@ type: logs
 streams:
   - input: http_endpoint
     template_path: http_endpoint.yml.hbs
-    title: DNS logs
+    title: DNS
     description: Collect DNS logs from Cloudflare via HTTP endpoint.
     vars:
       - name: listen_port
@@ -80,7 +80,7 @@ streams:
         description: >
           The request tracer logs HTTP requests and responses to the agent's local file-system for debugging configurations. Enabling this request tracing compromises security and should only be used for debugging. See [documentation](https://www.elastic.co/guide/en/beats/filebeat/current/filebeat-input-http_endpoint.html#_tracer_enabled_3) for details.
   - input: aws-s3
-    title: DNS logs
+    title: DNS
     description: Collect DNS logs from Cloudflare via S3 or SQS.
     template_path: aws-s3.yml.hbs
     vars:
@@ -90,7 +90,7 @@ streams:
         multi: false
         required: false
         show_user: true
-        description: "URL of the AWS SQS queue that messages will be received from. \nThis is only required if you want to collect logs via AWS SQS.\nThis is a dns data stream specific queue URL. In order to avoid data loss, do not configure the same SQS queue for more than one data stream."
+        description: "URL of the AWS SQS queue that messages will be received from.\nThis is only required if you want to collect logs via AWS SQS.\nThis is a DNS data stream specific queue URL. In order to avoid data loss, do not configure the same SQS queue for more than one data stream."
       - name: bucket_list_prefix
         type: text
         title: '[S3] Bucket Prefix'
@@ -210,7 +210,7 @@ streams:
         description: >-
           Processors are used to reduce the number of fields in the exported event or to enhance the event with metadata. This executes in the agent before the logs are parsed. See [Processors](https://www.elastic.co/guide/en/beats/filebeat/current/filtering-and-enhancing-data.html) for details.
   - input: gcs
-    title: DNS logs
+    title: DNS
     description: Collect DNS logs from Cloudflare via GCS.
     template_path: gcs.yml.hbs
     vars:
@@ -290,7 +290,7 @@ streams:
           - forwarded
           - cloudflare_logpush-dns
   - input: azure-blob-storage
-    title: DNS logs
+    title: DNS
     description: Collect DNS logs from Cloudflare via Azure Blob Storage.
     enabled: false
     template_path: abs.yml.hbs
@@ -393,9 +393,9 @@ streams:
         default: false
       - name: preserve_duplicate_custom_fields
         required: true
-        show_user: false
+        show_user: true
         title: Preserve duplicate custom fields
-        description: Preserve github.audit fields that were copied to Elastic Common Schema (ECS) fields.
+        description: Preserve custom fields for all ECS mappings.
         type: bool
         multi: false
         default: false

@@ -3,7 +3,7 @@ type: logs
 streams:
   - input: http_endpoint
     template_path: http_endpoint.yml.hbs
-    title: DNS Firewall logs
+    title: DNS Firewall
     description: Collect DNS Firewall logs from Cloudflare via HTTP endpoint.
     vars:
       - name: listen_port
@@ -80,7 +80,7 @@ streams:
         description: >
           The request tracer logs HTTP requests and responses to the agent's local file-system for debugging configurations. Enabling this request tracing compromises security and should only be used for debugging. See [documentation](https://www.elastic.co/guide/en/beats/filebeat/current/filebeat-input-http_endpoint.html#_tracer_enabled_3) for details.
   - input: aws-s3
-    title: DNS Firewall logs
+    title: DNS Firewall
     description: Collect DNS Firewall logs from Cloudflare via S3 or SQS.
     template_path: aws-s3.yml.hbs
     vars:
@@ -196,7 +196,7 @@ streams:
         description: >-
           Processors are used to reduce the number of fields in the exported event or to enhance the event with metadata. This executes in the agent before the logs are parsed. See [Processors](https://www.elastic.co/guide/en/beats/filebeat/current/filtering-and-enhancing-data.html) for details.
   - input: gcs
-    title: DNS Firewall logs
+    title: DNS Firewall
     description: Collect DNS Firewall logs from Cloudflare via GCS.
     template_path: gcs.yml.hbs
     vars:
@@ -276,7 +276,7 @@ streams:
           - forwarded
           - cloudflare_logpush-dns_firewall
   - input: azure-blob-storage
-    title: DNS Firewall logs
+    title: DNS Firewall
     description: Collect DNS Firewall logs from Cloudflare via Azure Blob Storage.
     enabled: false
     template_path: abs.yml.hbs
@@ -379,9 +379,9 @@ streams:
         default: false
       - name: preserve_duplicate_custom_fields
         required: true
-        show_user: false
+        show_user: true
         title: Preserve duplicate custom fields
-        description: Preserve github.audit fields that were copied to Elastic Common Schema (ECS) fields.
+        description: Preserve custom fields for all ECS mappings.
         type: bool
         multi: false
         default: false